Yet another healthcare provider has revealed that they were hacked by thedarkoverlord (TDO). Dr. Robert Spies, a plastic surgeon in Scottsdale, Arizona, has notified HHS and his patients of the hackers’ attempt to extort the practice.
Although he does not name the hackers responsible in a notice on his web site, Dr. Spies explains:
On December 10, 2018, we became aware cyber criminals gained unauthorized access to our computer network. We immediately contacted the FBI and local law enforcement authorities and have been cooperating with their investigations. We also engaged computer experts to determine if our systems and information were at risk. The investigation determined that the criminals could have viewed or accessed documents that contained patients’ personal and medical information, including names, addresses, dates of birth, procedure notes, diagnoses, medications and health insurance numbers. For a small handful of patients, the criminals could have viewed Social Security, driver’s license and/or passport numbers, if provided for verification purposes, a credit card number or financial account number, or pre-op photos. At this time, there is no evidence that patient information has been misused.
His report is entirely consistent with other information DataBreaches.net had obtained about this incident. In December, thedarkoverlord had posted a notice on KickAss that said:
We’ve hacked a high-end plastic surgery business located in Arizona, United States. This surgery center is owned by Doctor Robert J. Spies and operates on celebrity patients. His website is (www.azplasticsurgerycenter.com). We’ll share some of his data with yoou, since he’s refused our most handsome business proposition.
Link: (link redacted by DataBreaches.net, even though it is no longer live).
If you’d like to let him know how foolish he’s been, you can SMS his mobile at (redacted by DataBreaches.net) or his e-mail at (redacted by DataBreaches.net).
The sample data was a 531.8 MB archive with folders containing “Dictations” (75 files), “Photos” (more than 160 photos), and “Patient ID Verification” (4 files). The Dictations folder and Photos folder contained more than one file or image for some patients, so these were not all unique patients in each folder.
Many of the photos in the archive released by the hackers would permit identification of patients because in some cases, you can see the patients’ faces, and in other cases, the filenames for the photos may contain the patient’s first initial and last name.
DataBreaches.net is not reproducing any of the data from the archive the hackers provided.
Inspection of the meta data suggests that the newest dictation files were created December 5, 2018 and related to services or consultations conducted on November 28, 2018.
As with their hack of the London Bridge Plastic Surgery Center, TDO may have hoped that people — especially celebrities — would pay good money not to have their before, during, or after pictures of plastic surgery released publicly. Whether TDO is privately trying to extort patients directly is unknown to this site, but Dr. Spies seems to have refused to pay them, and has reported the incident to law enforcement, HHS, and his patients. According to his notification to HHS, he has notified 5,524 patients.